ietf-asrg

RE: [Asrg] 6. Proposals - Challenge/response - CRI

2003-08-20 13:18:13
Yes, considering many CR systems use CR URLs such as
http://cr.foo.com/?sender=joe(_at_)foo(_dot_)com&rcpt=sue(_at_)bar(_dot_)com

There's a lot of room for improvement.

-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org [mailto:asrg-admin(_at_)ietf(_dot_)org] On Behalf Of Deven T. Corzine
Sent: Wednesday, August 20, 2003 1:42 PM
To: Yakov Shafranovich
Cc: Andrew Akehurst; asrg(_at_)ietf(_dot_)org
Subject: Re: [Asrg] 6. Proposals - Challenge/response - CRI

On Wed, 20 Aug 2003, Yakov Shafranovich wrote:

I think the only really significant semantic suggestion I'm making
is that a hash of the body of a message should be included to
prevent forgeries of level-two systems.

That has been mentioned before and is a pretty good idea. It also
alleviates some privacy concerns since the originating MTA/MUA does
not have to store copies of messages, but can store MD5 hashes instead.

Using a hash is an obvious thing to do, but it begs the question of
exactly what you're hashing.  You can't safely hash the entire message
because the headers change on every hop, at least for Received: lines.
Other headers might be mangled or normalized as well.  You can ignore
the header, but it would be good to validate parts of it.  Even if you
just hash the body, you have to be concerned about the message being
mangled by intermediate MTAs.

Now, you could Base64-encode the content to protect it against
mangling, but that renders the plaintext of the message unreadable.
You could strip out all characters but the ones used for Base64
encoding, and hash that.  Perhaps quoted-printable encoding would be
another semi-readable option.

PGP has to deal with this issue for "clear-signed" messages -- how
does it address this issue?  (Or does it depend on the body not
getting mangled to be able to verify the signature?)

Of course, another option is to simply use PGP.  This seems the
obvious answer for mailing lists -- the mailing list should clear-sign
all valid messages with a private key used only for that mailing list,
and have the user whitelist that PGP key (perhaps by keeping a copy
signed with their own PGP key?) -- then no spammer could forge messages
appearing to be from that mailing list...

Deven


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
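
Added example (not part of the original thread): one way to hash a message body so that common relay changes do not alter the digest, shown next to the strip-to-Base64-alphabet variant suggested above. The normalisation rules, the use of SHA-256 (the thread mentions MD5), the function names and the sample bodies are assumptions constructed for illustration.

```python
import hashlib
import re

# Constructed sample bodies (not taken from the thread).
ORIGINAL = b"Hi Sue,\r\nLunch at  noon?\r\n-- \r\nJoe\r\n"
# Same text after a hypothetical relay: bare LF, changed spacing, extra blank lines.
RELAYED = b"Hi Sue,\nLunch at noon?   \n--\nJoe\n\n\n"
# Different content: must not match the original digest.
FORGED = b"Hi Sue,\r\nLunch at 1pm?\r\n-- \r\nJoe\r\n"

NOT_B64 = re.compile(rb"[^A-Za-z0-9+/]")


def canonical_body(body: bytes) -> bytes:
    """Normalise line endings, whitespace runs, trailing whitespace and
    trailing blank lines (assumed rules, similar in spirit to DKIM's
    later "relaxed" body canonicalization)."""
    lines = body.replace(b"\r\n", b"\n").replace(b"\r", b"\n").split(b"\n")
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


def raw_hash(body: bytes) -> str:
    """Digest of the bytes exactly as received."""
    return hashlib.sha256(body).hexdigest()


def canonical_hash(body: bytes) -> str:
    """Digest of the normalised body."""
    return hashlib.sha256(canonical_body(body)).hexdigest()


def b64_chars_hash(body: bytes) -> str:
    """Variant from the thread: drop every byte outside the Base64
    alphabet and hash the rest. Survives mangling but is lossy:
    b"Pay $100." and b"Pay $1.00" both reduce to b"Pay100"."""
    return hashlib.sha256(NOT_B64.sub(b"", body)).hexdigest()


if __name__ == "__main__":
    for name, body in (("original", ORIGINAL), ("relayed", RELAYED), ("forged", FORGED)):
        print(name, raw_hash(body)[:12], canonical_hash(body)[:12], b64_chars_hash(body)[:12])
```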

